Dan Horák
2008-Jun-18 07:35 UTC
[Dovecot] don't follow symlinks when creating mailbox list
Hi, this issue was discussed here twice in the not so far history (http://www.dovecot.org/list/dovecot/2008-January/028317.html, http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I need to open it again as it makes problems for our users on one side and on the other side we don't want to diverge from the upstream sources in our packages. I agree with Timo that simply disabling the symlink following in creating the mailbox list can give a false sense of security so the question is whether a permanent solution can be developed and how it should look like? Regards, Dan -- Fedora and Red Hat package maintainer
Timo Sirainen
2008-Jun-18 09:38 UTC
[Dovecot] don't follow symlinks when creating mailbox list
On Wed, 2008-06-18 at 09:35 +0200, Dan Hor?k wrote:> this issue was discussed here twice in the not so far history > (http://www.dovecot.org/list/dovecot/2008-January/028317.html, > http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I > need to open it again as it makes problems for our users on one side and > on the other side we don't want to diverge from the upstream sources in > our packages. I agree with Timo that simply disabling the symlink > following in creating the mailbox list can give a false sense of > security so the question is whether a permanent solution can be > developed and how it should look like?Permanent solution would be to put your mailboxes in a separate directory where users preferrably don't even have write access, so they can't create broken symlinks. Other than that, I see only kludgy solutions. Although I suppose I could consider including a check that keeps track of which directories are scanned and stops if it encounters a loop. Is your problem with loops or just that symlinks point to huge directory structures outside home dir? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080618/e577de9e/attachment-0002.bin>
Dan Horák
2008-Jun-18 13:01 UTC
[Dovecot] don't follow symlinks when creating mailbox list
Timo Sirainen p??e v St 18. 06. 2008 v 12:38 +0300:> On Wed, 2008-06-18 at 09:35 +0200, Dan Hor?k wrote: > > this issue was discussed here twice in the not so far history > > (http://www.dovecot.org/list/dovecot/2008-January/028317.html, > > http://www.dovecot.org/list/dovecot/2008-February/029147.html), but I > > need to open it again as it makes problems for our users on one side and > > on the other side we don't want to diverge from the upstream sources in > > our packages. I agree with Timo that simply disabling the symlink > > following in creating the mailbox list can give a false sense of > > security so the question is whether a permanent solution can be > > developed and how it should look like? > > Permanent solution would be to put your mailboxes in a separate > directory where users preferrably don't even have write access, so they > can't create broken symlinks.Yes, that's true :-)> > Other than that, I see only kludgy solutions. > > Although I suppose I could consider including a check that keeps track > of which directories are scanned and stops if it encounters a loop. Is > your problem with loops or just that symlinks point to huge directory > structures outside home dir? >The main problem are loops that are taking the imap process into endless search. The February thread contains your workaround (patch) that blocks all symlinks which means even the harmless ones. Dan -- Fedora and Red Hat package maintainer